Resources for the Check Point Community, by the Check Point Community.

Re: Confwiz or other tools for Cisco to Check Point migration

While confwiz can sometimes work, it is completely unsupported by Check Point, and it won't make a perfect conversion of the rules; it'll make a decent conversion, at best, and a completely useless conversion at worst. In my experience, the better method would be to simply re-create the rulebase, as this ensures that the rules are created in accordance with Check Point best practices, rather than trying to convert a policy from another vendor with a completely different approach to network security.

Re: Confwiz or other tools for Cisco to Check Point migration

It's far from perfect, yes (any tools are). I've tested competitors' migration tools, and while some of them are waaay more advanced and fancier than confwiz, none of them can do a 100% job. It's always something with NAT, VPN tunnels etc.

Anyway, if the ruleset is huge it will definitely save you some time. If nothing else, to create objects etc.
Also, I would like to give a thumbs up to the Check Point policy optimization service, which worked really well for me on gigantic policies!

But yeah, if you have the possibility / time to do it from scratch, by all means do that, as you can filter out a bunch of crap not used and adapt the policy "the Check Point way" right from the beginning.

Re: Confwiz or other tools for Cisco to Check Point migration

Hi guys,

Please advise me where I can download the above tools besides going to the Check Point website.
As I really need to convert the Cisco ASA into a Check Point Power-1 5070, which is currently on R75.45.
Please also advise me where I can download the R80 firmware and can I directly upgrade it from R75.45 to R80?

Re: Confwiz or other tools for Cisco to Check Point migration

Originally Posted by nkcedwin

Hi guys,

Please advise me where I can download the above tools besides going to the Check Point website.
As I really need to convert the Cisco ASA into a Check Point Power-1 5070, which is currently on R75.45.
Please also advise me where I can download the R80 firmware and can I directly upgrade it from R75.45 to R80?

thank you

New guy on the block and still green
Edwin Ng

First off, R75.45 is no longer supported. R77.30 is the oldest actively supported release.

Check out the new SmartMove tool for easily converting Cisco configs to Check Point: sk115416: How to migrate a competitor's database to Check Point with SmartMove

Yes, you can upgrade directly from R75.45 to R80.10, although if you are on SecurePlatform instead of Gaia it might be a bit more complicated.

Download of R80.10 is here at usercenter.checkpoint.com: sk111841: Check Point R80.10

If you do not have a support contract for access to download the code, talk to your Check Point SE. Please do not request someone here at CPUG to get it for you.

Re: Confwiz or other tools for Cisco to Check Point migration

Originally Posted by cciesec2006

I've played a bit with Cisco to Check Point migration using the sk mentioned above. It will help with primitive stuff but for complex NAT in Cisco ASA

Converting the NAT policy going from Cisco to Check Point has always been the hardest part about the conversion process. Hopefully at some point Security Zones will be supported for use in Check Point NAT policies as that would have helped out a lot.